Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 31 Oct 2002 17:48:24 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 31 Oct 2002 17:48:24 -0500 Received: from almesberger.net ([63.105.73.239]:64007 "EHLO host.almesberger.net") by vger.kernel.org with ESMTP id ; Thu, 31 Oct 2002 17:48:22 -0500 Date: Thu, 31 Oct 2002 19:54:42 -0300 From: Werner Almesberger To: john stultz Cc: lkml Subject: Re: What's left over. Message-ID: <20021031195442.Y1421@almesberger.net> References: <20021031031932.GQ15886@ns> <1036098562.12714.50.camel@cog> <20021031184933.B2599@almesberger.net> <1036103533.12714.71.camel@cog> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1036103533.12714.71.camel@cog>; from johnstul@us.ibm.com on Thu, Oct 31, 2002 at 02:32:12PM -0800 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1341 Lines: 31 john stultz wrote: > Ugh, that seems dangerous. Too many forgotten ACL links and then I could > accidentally give a vague acquaintance access to all my data meant for > close friends. The idea is that you'd typically have (a) (small number of) specific location(s) where you keep your files representing groups, e.g. $HOME/acls/ for your personal lists, maybe ~project/acls/ for projects, etc. If you think already this is dangerous, then you should be terrified by regular, non-aggregateable ACLs ;-) I'm not saying that ACLs aren't useful, only that the lack of aggregateability makes them hard to maintain, so that people frequently fall back to setup scripts that simple re-create their ACL configuration. Once you're at this point, ACLs have lost much of their usefulness, and you might as well use some suid program that creates groups for you. - Werner -- _________________________________________________________________________ / Werner Almesberger, Buenos Aires, Argentina wa@almesberger.net / /_http://www.almesberger.net/____________________________________________/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/